Why a DDoS attack took much of the internet down today

Leon Hitchens

3 years ago

If you were on Twitter or tried to access Spotify, Reddit, or many large websites today, you might have caught wind of a DDoS attack against Dyn DNS. These hackers that were behind the attacks used IoT connected webcams and other devices to launch the attack against Dyn’s primary Domain Name System (DNS) at 11:10 UTC (7:10 am EST). The attack wasn’t resolved into much later in the afternoon, around 1:00 pm EST, with many services still have issues resolving.

We are continuing to mitigate a DDoS against our Managed DNS network. For more information visit our status page.

The big problem with the attack, and why it took much of the internet down is how these attackers targeted. Dyn is a core part of the web; essentially a phone book connecting IP addresses to domain names like DigitalBounds.com. Dyn had to manage the attack themselves, and couldn’t send the attack upstream to the primary Internet provider like Level3. Hosting companies like Digital Ocean often do this to offload the attack to a place that can better manage the traffic, or to completely block the attacking IP addresses. In this attack, Dyn is part of the upstream or core internet. They couldn’t offload the attack because they had to manage the attack themselves.

The scale of this attack was massive with terabytes of data being transferred, and taking down the internet for millions of people on the east coast, west coast, Texas, and parts of Eupore. I didn’t have internet access much of the morning or into mid afternoon. At most many sites were still having issues resolving or were being slow.

Scott Hilton, EVP, Products at Dyn has issued a statement on the matter:

This morning, October 21, Dyn received a global DDoS attack on our Managed DNS infrastructure in the east coast of the United States. DNS traffic resolved from east coast name server locations are experiencing a service degradation or intermittent interruption during this time. Updates will be posted as information becomes available.

Upon recognition, active mitigation protocols were initiated and have been working to resolve the issues.

Customers with questions or concerns are encouraged to check our status page for updates and reach out to our Technical Support Team.

If this sort of attack ever happens again, which it likely will, there are ways to mitigate the effects of the attack. Many Twitter users pointed out you could switch to Google’s DNS service or even OpenDNS.

Dyn DNS observed over three massive attacks through the day, and over the coming days more information will come out. The United States Department of Homeland Security is launching an investigation, with other outside security and IT companies doing the same. In the end, we need to offer better protection for our IoT devices, not only that we need to hold companies to higher standards with their IoT devices. There should fail safes against this; software on the instrument could manage internet access because these devices don’t need to send thousands of bytes of information each second. They only need periodic updates and access when we try to access them.

The assault against the internet had many up in arms asking – what happened and how someone had the power to launch an attack like this. Tell us in the comments below if you were affected by this attack, or if you own a IoT device!